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WHAT TS CLATMRD TS : 

1 . A system providing secure transfer of data, said system comprising: 
a client system; 
a server; 

a security system interposed between said client system and said server for 
controlling communications between said client system and said server, said security 
system including: 

a first proxy system and a second proxy system, said first 
proxy system coupled between said client system and said second 
proxy system, and said second proxy system coupled between said 
server and said first proxy system; 

a firewall coupled between said first proxy system and said 
second proxy system, said firewall restricting data flow between said 
first proxy system and said second proxy system to outbound 
communications through a single port on said firewall; 
wherein all FTP data are transferred between said client system and said 
server through said single port on said firewall. 

2. The system of claim 1, wherein said client system provides an 
identification of said server to said first proxy system; 

said first proxy system forwards said identification to said second proxy 
system through said single port on said firewall; and 

said second proxy system uses said identification to establish a data transfer 
session with said server. 

3. The system of claim 2, wherein said server establishes a command 
channel with said client system through said security system. 
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4. The system of claim 2, wherein said server transmits a representation 
of a socket to be used for a data channel to said cUent system. 

5. The system of claim 4, wherein prior to forwarding said represented 
socket to said client system, said first proxy system modifies said representation of 
said socket by substituting said first proxy system's IP address for said server's IP 
address. 

6. The system of claim 5, wherein said client system transmits a request 
through said security system for data located on said server, 

7. The system of claim 6, wherein said first proxy system forwards said 
modified request through said single port on said firewall to said server, 

8. The system of claim 7, wherein said second proxy system modifies 
said request by substituting said server's IP address for said first proxy system's IP 
address, 

9. The system of claim 8, wherein said server transmits data 
corresponding to said request to said second proxy system, and said data 
corresponding to said request for data is forwarded by said second proxy system 
through said single port on said firewall to said first proxy system. 

10. The system of claim 9, wherein said first proxy system forwards said 
data corresponding to said request for data to said chent system. 

1 1 . The system of claim 1 , fiirther comprising a plurality of servers and a 
plurality of chent systems, wherein all data transferred between said plurality of 
servers and said pluraHty of clients are transferred through said single port on said 
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firewall. 

12. A method for providing secure transfer of data, said method 
comprising: 

using a client system to request data; 
using a server to provide data; 

controlling cormnunications between said chent system and said server using 
a security system, said security system including: 

a first proxy system and a second proxy system, said fnst 
proxy system coupled between said chent system and said second 
proxy system, and said second proxy system coupled between said 
server and said first proxy system; 

a firewall coupled between said first proxy system and said 
second proxy system, said firewall restricting data flow between said 
first proxy system and said second proxy system to outbound 
communications through a single port on said firewall; 
using said security system to transfer said data between said client and said 
server; and 

restricting all flow of FTP data passing through said security system through 
a single port on said firewall. 

13. The method of claim 12, further comprising providing to said first 
proxy system an identification of said server by said chent system; 

forwarding said identification to said second proxy system by said first proxy 
system through said single port on said firewall; and 

using said identification by said second proxy system to establish a data 
transfer session with said server. 
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14. The method of claim 13, further comprising establishing a command 
channel by said server with said cUent system through said security system. 

1 5 . The method of claim 1 3 , further comprising transmitting a 
representation of a socket to be used for a data channel by said server to said cUent 
system. 

16. The method of claim 15, further comprising modifying said 
representation of said socket by said first proxy system. 

17. The method of claim 16, wherein said modifying step further 
comprises substituting said fu"st proxy system's IP address for said server's IP 
address. 

18. The method of claim 1 7, further comprising forwarding said 
modified represented socket to said chent system 

19. The method of claim 18, further comprising transmitting a request 
through said security system for data located on said server by said chent system. 

20. The method of claim 19, further comprising modifying said request 
by said first proxy system, prior to forwarding said request. 

21 . The method of claim 20, wherein said modifying step further 
comprises substituting said server's IP address for said first proxy system's IP 
address. 

22. The method of claim 2 1 , further comprising forwarding said modified 
request through said single port on said firewall by said first proxy system to said 
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server. 

23. The method of claim 22, further comprising transmitting data 
corresponding to said request to said second proxy system by said server, and 
forwarding said data corresponding to said request by said second proxy system 
through said single port on said firewall to said first proxy system. 

24. The method of claim 22, fiirther comprising forwarding said data 
corresponding to said request by said first proxy system to said client system. 

25. The method of claim 12, fiirther comprising requesting data on a 
plurality of servers by a plurality of client systems. 



{00539705.2} 



